CVE-2011-1263

Microsoft Windows Server 2008 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."

References (3)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA11-221A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12792

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-061

Scores

EPSS 0.3565

EPSS Percentile 97.0%

Classification

CWE

CWE-79

Status published

Affected Products (2)

microsoft/windows_server_2008

n/a/n/a

Timeline

Published Aug 10, 2011

Tracked Since Feb 18, 2026